CN106452789A - Signature method of preventing side-channel attack from multi-azimuth - Google Patents


Info

Publication number: CN106452789A
Authority: CN (China)
Prior art keywords: key element; random number; bit; azimuth; channel attack
Legal status: Granted, Active
Application number: CN201610943335.6A
Other languages: Chinese (zh)
Other versions: CN106452789B (en)
Inventors: 王亚伟, 王磊, 张文婧, 雷艳
Current Assignee: BEIJING HONGSI ELECTRONIC TECHNOLOGY Co Ltd
Original Assignee: BEIJING HONGSI ELECTRONIC TECHNOLOGY Co Ltd
Application filed by BEIJING HONGSI ELECTRONIC TECHNOLOGY Co Ltd
Priority to CN201610943335.6A
Publication of CN106452789A
Application granted; publication of CN106452789B
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: as H04L9/32, involving digital signatures
    • H04L9/3249: as H04L9/3247, using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a signature method with multi-faceted resistance to side-channel attacks. The method masks the base, using the technique described here or a similar one, to obtain an RSA signature or a signature of another public-key system; it obtains two modular exponentiation results at the same time, whose exponents are the ones' complement of each other; when the modular exponentiation is carried out, it uses a verification technique that prevents erroneous data from being output; and, for a modular exponentiation algorithm that uses no jump statements, it keeps the Hamming weight of the operand data and of the result data equal during the operation. The method effectively protects the steps of the RSA STD operation that are known to be easy to attack. The modular exponentiation check provided by the method can also be applied in full to the RSA CRT operation, and the algorithm that computes the modular power and the complement power at the same time can be ported in a similar way to the point multiplication of SM2. The check for whether the modular exponentiation has been attacked can likewise be ported to the SM2 point multiplication.

Description

A signature method with multi-faceted resistance to side-channel attacks
Technical field
The present invention relates to the field of information security, and in particular to a signature method with multi-faceted resistance to side-channel attacks.
Background
The RSA public-key algorithm is one of the more mainstream public-key cryptographic techniques in the information security field. Various Keys and smart cards implemented on RSA are widely used in finance, communications, social security, transportation and other fields. Traditional attacks on RSA are mainly based on large-prime factorization algorithms from mathematics, while side-channel attacks have developed rapidly in recent years and new attack techniques keep emerging.
In the past, protecting an RSA signature mainly meant considering SPA, DPA, CPA, doubling attacks and fault attacks. To prevent these attacks, existing schemes generally mask both the exponent and the base in the modular exponentiation of the RSA signature, use something like the Montgomery ladder so that modular multiplication and modular squaring are identical in operation, and prevent fault attacks by computing the modular exponentiation twice. However, none of these schemes protects against all of the attack methods listed above. Moreover, with recent improvements in attack tools and attack methods, the earlier Montgomery-ladder-like schemes are easily broken by SPA because of the jumps in their implementation, and they are also easily attacked if the Hamming weights of the operands are inconsistent.
Summary of the invention
The object of the invention is to provide a signature method with multi-faceted resistance to side-channel attacks.
The invention provides a signature method and scheme with multi-faceted resistance to side-channel attacks that effectively defends against attacks on RSA signatures. In the modular exponentiation, the power for the exponent and the power for the complement of the exponent are computed at the same time, that is, one modular exponentiation pass computes the values of two modular powers, and the energy is kept balanced in power consumption. When the modular exponentiation is subjected to a fault attack, a mathematical operation can determine whether the data of the modular exponentiation is correct. To avoid inversion, the invention also provides the STD form of the negative private key.
To achieve the above object, the invention provides a signature method and scheme with multi-faceted resistance to side-channel attacks, comprising the steps:
Step one: input the RSA modulus N, the message M, the private key element d and the public key element e. The length of the private key element d is t bits, the length of the public key element e is less than or equal to the bit length of N, and M is guaranteed to be less than N;
Step two: generate a random number trng1 of length t bits, multiply trng1 successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result, and subtract the private key element d, obtaining data z1;
Step three: generate a random number trng2 of length t bits. With trng2 as the base and the data z1 obtained in step b as the exponent, whose bit length is bitlen bits, perform the following operations:
Set up three spaces of t bits each, S0, S1 and A, and initialize them as S0 = S1 = 1, A = trng2;
For i from 0 to bitlen, perform the following:
1. Get the current bit of z1;
2. If the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A;
3. Square A and store the result in A;
Check whether S0*S1*X - A is 0; if it is not 0, exit;
Step four: the outputs of step three are denoted S0 and S1;
Step five: generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result, and add the private key element d, obtaining data z2;
Step six: with N as the modulus and trng2 as the multiplicative factor, apply a modular-multiplication mask to the digest M; the result is denoted maskM;
Step seven: with maskM as the base and z2 as the exponent, perform operations a, b, c as in step 3, obtaining results S'0, S'1;
Step eight: compute S1*S'1 and, with this result as the base, the public key element e as the exponent and N as the modulus, perform the three steps a, b, c of step 3, obtaining outputs S''0, S''1. If S''1 = M, output S1*S'1; otherwise output no data.
According to the specific embodiments provided, the invention discloses the following technical effects:
The beneficial effect of the invention is that, compared with most attack-protection schemes, this scheme masks the exponent and the base at the same time and protects against the known SPA (simple power analysis), DPA (differential power analysis) and CPA (chosen-plaintext attack). The scheme also outputs both the power and the power for the ones' complement of the exponent, which avoids an inversion step; inversion is time-consuming. The modular exponentiation part and the result output part of the scheme each use a verification technique that prevents erroneous data from being output under a fault attack.
The invention can prevent known power-analysis attacks of any form, such as SPA, DPA and CPA, and at the same time prevents useful erroneous data from being output during a fault attack.
The invention effectively protects the steps of the RSA STD computation that are known to be easy to attack. The modular exponentiation check provided by the invention can also be used in full in the RSA CRT computation, and the algorithm that computes the modular power and the complement power at the same time can be ported in a similar way to the point multiplication of SM2. The check for whether the modular exponentiation has been attacked can likewise be ported to the SM2 point multiplication.
Brief description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the signature method with multi-faceted resistance to side-channel attacks of the invention.
Specific embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The object of the invention is to provide a signature method with multi-faceted resistance to side-channel attacks.
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment 1:
A signature method and scheme with multi-faceted resistance to side-channel attacks. An ordinary RSA key is divided into a public key and a private key, where e, N are the RSA public key and d, N are the RSA private key.
The ordinary RSA signing method is: Sign(M) = M^d mod N, where M is the digest to be signed, supplied by the user; N, d are the private key, and N is the modulus.
Based on the basic modular exponentiation and the modular exponentiation check, a signature scheme with multi-faceted resistance to side-channel attacks is as follows:
(RSA signature) Sign(M, e, d, N):
1. Generate a random number trng1 and compute z1 = trng1*(e*d-1) - d;
2. Generate a random number trng and compute (S0, S1) = EXP(trng, z1, N). If it returns 1, output S0, S1 and continue with step 3; otherwise return 0 directly and output no result;
3. Generate a random number trng2 and compute z2 = trng2*(e*d-1) + d;
4. Compute maskM = M*trng mod N;
5. Compute (S'0, S'1) = EXP(maskM, z2, N). If it returns 1, output S'0, S'1 and continue with step 6; otherwise return 0 directly and output no result;
6. Compute (S''0, S''1) = EXP(S1*S'1, e, N). If S''1 = M, output S1*S'1; otherwise return 0 directly and output no result.
First, we design a basic modular exponentiation algorithm that traverses the exponent from its low-order bit and computes x^t mod N and x^~t mod N at the same time, where ~t is the complement of t.
Algorithm one (basic modular exponentiation) EXP1(x, t, N):
Output S0, S1, where S0 = x^~t mod N and S1 = x^t mod N.
Algorithm two (modular exponentiation check) EXP2(x, t, N):
3. Compute c = S0*S1*x - A
If c = 0, output S0 = x^~e mod N, S1 = x^e mod N and return 1; otherwise output no result and return 0
Based on algorithm one and algorithm two, we design an RSA signature algorithm resistant to side-channel attacks as follows:
Algorithm three (RSA signature) Sign(M, e, d, N):
1. Generate a random number trng1 and compute z1 = trng1*(e*d-1) - d
2. Generate a random number trng and compute (S0, S1) = EXP(trng, z1, N). If it returns 1, output S0, S1 and continue with step 3; otherwise return 0 directly and output no result
3. Generate a random number trng2 and compute z2 = trng2*(e*d-1) + d
4. Compute maskM = M*trng mod N
5. Compute (S'0, S'1) = EXP(maskM, z2, N). If it returns 1, output S'0, S'1 and continue with step 6; otherwise return 0 directly and output no result
6. Compute (S''0, S''1) = EXP(S1*S'1, e, N). If S''1 = M, output S1*S'1; otherwise return 0 directly and output no result
Example two
1. Input the RSA modulus N, the message M and the private key element d of length t; the length of the public key element e is 32, less than or equal to the number of bits of N, and M is guaranteed to be less than N
2. Generate a random number trng1 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result, and subtract the private key element d, obtaining data z1
3. Generate a random number trng2 of length t bits. With this data as the base and the data z1 obtained in 2 as the exponent (its bit length is bitlen bits), perform the following operations:
a. Set up three spaces of t bits each (S0, S1 and A) and initialize them as S0 = S1 = 1, A = trng2
b. For i from 0 to bitlen, perform the following:
1. Get the current bit of z1
2. If the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A
3. Square A and store the result in A
c. Check whether S0*S1*x - A is 0; if it is not 0, exit
4. The outputs of process 3 are denoted S0 and S1
5. Generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result, and add the private key element d, obtaining data z2
6. With N as the modulus and trng2 as the multiplicative factor, apply a modular-multiplication mask to the digest M; the result is denoted maskM
7. With maskM as the base and z2 as the exponent, perform operations a, b, c as in 3, obtaining results S'0, S'1
8. Compute S1*S'1 and, with this result as the base, e (the public key element) as the exponent and N as the modulus, perform the three steps a, b, c of 3, obtaining outputs S''0, S''1. If S''1 = M, output S1*S'1; otherwise output no data.
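The dual exponentiation with its consistency check (algorithms one and two) and the masked signature built on it (algorithm three, restated as the steps of example two) can be written out as follows; this is an added Python sketch, not code from the patent. The toy key, the names dual_exp, rand_bits and sign, and the fault_at test hook are assumptions made for the illustration; every product is reduced mod N and the loop runs over bits 0 to bitlen-1.

```python
import math
import secrets

# Constructed toy key for the demo (two Mersenne primes; NOT a secure key).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def dual_exp(x, t, n, bitlen=None, fault_at=None):
    """Algorithms one and two: scan t from the low bit, return (ok, S0, S1).

    S1 = x^t mod n and S0 = x^(~t) mod n, where ~t is the ones' complement
    of t over bitlen bits. fault_at (hypothetical test hook) flips one bit
    of the accumulator updated in that iteration, to model a fault.
    """
    if bitlen is None:
        bitlen = max(t.bit_length(), 1)
    s = [1, 1]              # s[0] takes A on 0-bits, s[1] takes A on 1-bits
    a = x % n
    for i in range(bitlen):
        bit = (t >> i) & 1
        # Indexing by the bit means every iteration does one multiply and
        # one square. Python integers are not constant-time; this models
        # the arithmetic only, not the power profile.
        s[bit] = (s[bit] * a) % n
        if fault_at == i:
            s[bit] ^= 1     # constructed single-bit fault
        a = (a * a) % n
    # t + ~t = 2^bitlen - 1, so S0*S1*x must equal A = x^(2^bitlen).
    ok = (s[0] * s[1] * x - a) % n == 0
    return ok, s[0], s[1]


def rand_bits(t_bits):
    """Random integer of exactly t_bits bits."""
    return secrets.randbits(t_bits) | (1 << (t_bits - 1))


def sign(m, e, d, n):
    """Algorithm three: return M^d mod n, or None if any check fails."""
    t_bits = d.bit_length()
    k = e * d - 1                       # multiple of the order of Z_n^*

    # Unmasking factor r^(-d), obtained without a modular inversion.
    z1 = rand_bits(t_bits) * k - d
    r = rand_bits(t_bits) % n
    while math.gcd(r, n) != 1:          # r must be invertible mod n
        r = rand_bits(t_bits) % n
    ok, _, s1 = dual_exp(r, z1, n)
    if not ok:
        return None

    # Masked base and masked exponent: (M*r)^d.
    z2 = rand_bits(t_bits) * k + d
    mask_m = (m * r) % n
    ok, _, s1p = dual_exp(mask_m, z2, n)
    if not ok:
        return None

    # r^(-d) * (M*r)^d = M^d; verify with the public exponent before output.
    sig = (s1 * s1p) % n
    ok, _, back = dual_exp(sig, e, n)
    if not ok or back != m % n:
        return None
    return sig


if __name__ == "__main__":
    msg = 0x1234567890ABCDEF            # constructed digest value
    print("signature ok:", sign(msg, E, D, N) == pow(msg, D, N))
    print("fault detected:", not dual_exp(msg, D, N, fault_at=5)[0])
```
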
The invention effectively protects the steps of the RSA STD computation that are known to be easy to attack. The modular exponentiation check provided by the invention can also be used in full in the RSA CRT computation, and the algorithm that computes the modular power and the complement power at the same time can be ported in a similar way to the point multiplication of SM2. The check for whether the modular exponentiation has been attacked can likewise be ported to the SM2 point multiplication.
Specific examples are used herein to explain the principle and embodiments of the invention; the description of the above examples is only intended to help in understanding the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (1)

1. A signature method with multi-faceted resistance to side-channel attacks, characterized in that it comprises:
Step one: input the RSA modulus N, the message M, the private key element d and the public key element e. The length of said private key element d is t bits, the length of said public key element e is less than or equal to the bit length of N, and M is guaranteed to be less than N;
Step two: generate a random number trng1 of length t bits, multiply said random number trng1 successively by the public key element e and the private key element d, subtract the random number trng1 currently in use from the result, and subtract the private key element d, obtaining data z1;
Step three: generate a random number trng2 of length t bits. With said random number trng2 as the base and the data z1 obtained in step b as the exponent, whose bit length is bitlen bits, perform the following operations:
Set up three spaces of t bits each, S0, S1 and A, and initialize them as S0 = S1 = 1, A = trng2;
For i from 0 to bitlen, perform the following:
1. Get the current bit of z1;
2. If the current bit is 0, compute S0 = S0*A; if the current bit is 1, compute S1 = S1*A;
3. Square A and store the result in A;
Check whether S0*S1*X - A is 0; if it is not 0, exit;
Step four: the outputs of step three are denoted S0 and S1;
Step five: generate a random number trng3 of length t bits, multiply it successively by the public key element e and the private key element d, subtract the random number trng3 currently in use from the result, and add the private key element d, obtaining data z2;
Step six: with N as the modulus and trng2 as the multiplicative factor, apply a modular-multiplication mask to the digest M; the result is denoted maskM;
Step seven: with maskM as the base and z2 as the exponent, perform operations a, b, c as in step 3, obtaining results S'0, S'1;
Step eight: compute S1*S'1 and, with this result as the base, the public key element e as the exponent and N as the modulus, perform the three steps a, b, c of step 3, obtaining outputs S''0, S''1. If S''1 = M, output S1*S'1; otherwise output no data.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610943335.6A 2016-11-02 2016-11-02 A signature method with multi-faceted resistance to side-channel attacks

Status: Active; granted as CN106452789B (en)

Publications (2)

Publication Number Publication Date
CN106452789A (en) 2017-02-22
CN106452789B (en) 2019-06-18

Family ID: 58177580
Country: CN (1)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant